-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release: npm@6.4.0 #43
Conversation
…le (#8) As discussed on npm.community[1], the fact that npm registry authentication tokens cannot be defined using environment variables does not seem justified anymore. The restriction is caused by the config loader translating * all `_` to `-` * the whole variable name to lowercase while the credential checker expects a key ending in `:_authToken`. This change fixes the problem by having the credential checker try a key ending in `:-authtoken` after it tried `:_authToken`. Fixes: https://npm.community/t/233 Fixes: npm/npm#15565 PR-URL: #8 Credit: @mkhl Reviewed-By: @zkat
Remove publish from list of commands not affected by dry-run PR-URL: #34 Credit: @joebowbeer Reviewed-By: @zkat
Fixes: #986 PR-URL: #35 Credit: @valentin2105 Reviewed-By: @zkat
PR-URL: #36 Credit: @noahbenham Reviewed-By: @zkat
`npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected. Fixes: https://npm.community/t/245 PR-URL: #31 Credit: @lennym Reviewed-By: @zkat
Credit: @zkat
Credit: @shesek Fixes: shesek/iferr#2
Fixes: isaacs/node-tar#177 Credit: @isaacs
Fixes: npm/hosted-git-info#34 Fixes: npm/hosted-git-info#32 Fixes: npm/hosted-git-info#35 Credit: @iarna Credit: @Erveon Credit: @huochunpeng
CHANGELOG.md
Outdated
|
||
### DOCUMENTATION | ||
|
||
* [`c3ab25f3f`](https://github.com/npm/cli/commit/c3ab25f3f54038a813f765845a72ee9f9d836d7d) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really just a chore and doesn't need to be in the changelog.
|
||
### NEW FEATURES | ||
|
||
* [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wow the implementation for that ended up being waaay better than it originally was
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agreeee
🐑 |
They just published node-gyp@3.8.0 which now uses request@^2.8.7 to resolve the ref: nodejs/node-gyp#1521 |
Credit: @rvagg
@brodybits nice! Thanks for pointing that out! And thanks @rvagg for getting the release out! 🎉 I've updated our dep updates and the changelog. 👍 |
|
FEATURES * [bbcf7b2](npm/hosted-git-info@bbcf7b2) [#46](npm/hosted-git-info#46) [#43](npm/hosted-git-info#43) [#47](npm/hosted-git-info#47) [#44](npm/hosted-git-info#44) Add support for GitLab groups and subgroups ([@mterrel](https://github.com/mterrel), [@isaacs](https://github.com/isaacs), [@ybiquitous](https://github.com/ybiquitous)) BUGFIXES * ([3b1d629](npm/hosted-git-info@3b1d629)) [#48](npm/hosted-git-info#48) fix http protocol using sshurl by default ([@fengmk2](https://github.com/fengmk2)) * [5d4a8d7](npm/hosted-git-info@5d4a8d7) ignore noCommittish on tarball url generation ([@isaacs](https://github.com/isaacs)) * [1692435](npm/hosted-git-info@1692435) use gist tarball url that works for anonymous gists ([@isaacs](https://github.com/isaacs)) * [d5cf830](npm/hosted-git-info@d5cf830) * Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs)) * [e518222](npm/hosted-git-info@e518222) Use LRU cache to prevent unbounded memory consumption ([@iarna](https://github.com/iarna))
Bumps [tap](https://github.com/tapjs/node-tap) from 15.2.3 to 16.0.1. - [Release notes](https://github.com/tapjs/node-tap/releases) - [Commits](tapjs/tapjs@v15.2.3...v16.0.1) --- updated-dependencies: - dependency-name: tap dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Rendered CHANGELOG